#689418 logcheck-database: refine sendmail STARTTLS rule

Package: logcheck-database
Source: logcheck
Submitter: Stefan Froehlich
Date: 2024-06-01 12:39:10 UTC
Severity: minor

#689418#5
Date: 2012-10-02 12:28:24 UTC

With sendmail, self-signed certificates trigger a warning like:

| Oct  2 13:02:07 hostname sm-mta[24652]: STARTTLS=client, relay=host.example., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256

There is a logcheck rule for this case (which can be safely ignored),
however it states:

| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS=(server|client), .* verify=(OK|NO)

This should be changed into:

| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS=(server|client), .* verify=(OK|NO|FAIL)

#689418#14
Date: 2024-06-01 12:23:55 UTC

On Tue, 02 Oct 2012 14:28:24 +0200

It's a shame no one has replied since 2012.

I wonder if this rule is still valid, and more broadly whether it is
even a good idea - if certificate verification fails you'd want to
know, so ignoring all FAIL messages seems too much?

Is there still interest in adding this to logcheck? We'd need an
updated ruleset to do so.
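
Added example (not part of the bug report or of logcheck itself): the two rules quoted in the report, run with `grep -E` over sample lines, to show which STARTTLS lines each rule leaves in the report and that the proposed rule hides `verify=FAIL` in both the client and the server direction. The function names are hypothetical, and every sample line except the first is constructed by varying the line from the report.

```shell
#!/bin/sh
# The two ignore rules exactly as quoted in the report (extended regex syntax).
OLD_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS=(server|client), .* verify=(OK|NO)'
NEW_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS=(server|client), .* verify=(OK|NO|FAIL)'

# Sample input: line 1 is the line from the report, lines 2-4 are constructed
# variations of it (different verify= result and STARTTLS direction).
sample_log() {
cat <<'EOF'
Oct  2 13:02:07 hostname sm-mta[24652]: STARTTLS=client, relay=host.example., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Oct  2 13:02:09 hostname sm-mta[24653]: STARTTLS=client, relay=host.example., version=TLSv1/SSLv3, verify=OK, cipher=DHE-RSA-AES256-SHA, bits=256/256
Oct  2 13:02:11 hostname sm-mta[24654]: STARTTLS=server, relay=host.example., version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Oct  2 13:02:13 hostname sm-mta[24655]: STARTTLS=server, relay=host.example., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
EOF
}

# An ignore rule drops every line it matches; what is left gets reported.
reported() {
    sample_log | grep -Ev -- "$1"
}

# Number of lines still reported under the given rule.
count_reported() {
    reported "$1" | wc -l | tr -d ' '
}

# Lines the old rule reports but the proposed rule would silence.
newly_hidden() {
    reported "$OLD_RULE" | grep -E -- "$NEW_RULE"
}

echo "reported with current rule:  $(count_reported "$OLD_RULE")"
echo "reported with proposed rule: $(count_reported "$NEW_RULE")"
echo "lines silenced by the change:"
newly_hidden
```
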